This exposure of personally identifiable information is a stupid and easily avoidable mistake, which has likely gone on for several years. While the site—which is intended for public access—did have a login page, which anyone could use to register a username and password to access the records, doing so was unnecessary. Because of the site’s terrible design, anyone who knew the URL for the search page didn’t need to provide the Secretary of State’s office with any information whatsoever before viewing the forms.
Kobach, the Republican frontrunner in the Kansas gubernatorial election, has been secretary of state since 2011, when it appears the records were first digitized. (It’s difficult to say because some state employees, for whatever reason, have continued submitting paper forms to this day.)
Kobach’s office has spent the past few weeks trying to convince the Kansas legislature that it is, in fact, equipped to handle voluminous amounts of sensitive voter records. The interstate Crosscheck program, which is overseen by Kobach’s office, has lost control over voter data—including partial Social Security numbers—on several occasions over the past six months. Most recently, nearly 1000 Kansans were exposed after data amassed for the Crosscheck program was mistakenly leaked in Florida.